CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8350

MEDIUM
6.6
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile34.00th
PublishedMay 13, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password.

Affected Platforms (CPE)

πŸ“¦
Simple

Better Banking

>= 2.45.0 and <= 2.45.3

References & Advisories

πŸ”— https://www.bishopfox.com/news/2019/02/simple-better-banking-android-v-2-45-0-2-45-3-sensitive-information-disclosure/
πŸ”— https://www.simple.com/policies/security
πŸ”— https://www.bishopfox.com/news/2019/02/simple-better-banking-android-v-2-45-0-2-45-3-sensitive-information-disclosure/
πŸ”— https://www.simple.com/policies/security

Related Vulnerabilities

CVE-2019-726810.0

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....

CVE-2019-420210.0

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted requ...

CVE-2019-725710.0

Linear eMerge E3-Series devices allow Unrestricted File Upload.